"Abused Github to distribute malicious code" is a legal wording, not a EULA violation. A lawsuit, not an account ban.

Let's decide how serious this is. Exactly.

I am, for one, of the opinion that it is not at all serious. Not deserving of a lawsuit or an account ban. Not even newsworthy.

I mean, this could easily become the new normal for OSS. You use it – you're not insured against anything, for there is no formal contract.



You don’t need a contract to be protected against intentional harm.


In a society. Hence, "social contract".

There is no Zuckerverse contract.


No, it's a criminal act. Crashing RANDOM servers that you DON'T know what they do is not a protest.


Your argument could be used to describe any software defect, whether malicious or accidental. Open-source code is mostly not produced with any knowledge of downstream servers; that's the responsibility of the server owners. The software developers also have a responsibility to ensure they trust the author and are okay with the code they are importing into their own projects.


No, it only describes malicious intent, which IS required for it to be malware, aka criminal.


That is for the courts to decide, not GitHub or you. There's plenty of people here already that disagree on whether the intent was malicious.


> There's plenty of people here already that disagree on whether the intent was malicious.

No, I haven't seen many people try to argue that the intent wasn't malicious. Most people seem to be arguing that it's fine and npm and GitHub should allow it. Or the classic "you shouldn't trust random software." If you ever wonder why people like the Apple App Store, just look at the devs in this comment section. Makes it kinda hard to trust you.


1. The Ad Hominem (on top of the Attribution Error) is uncalled for.

2. You originally claimed, " no its a criminal act. crashing RANDOM servers that you DONT know what they do ...". That is far removed from what you're talking about here. Which is not only misplaced, but also ignorant.

3. Your original claim also implies that the intended effect of the change was to crash "RANDOM servers". I disagree with that claim, and with your subsequent claim that that proves malicious intent.

----

I understand that you're upset — I suspect because you've suffered either this or a fate similar to many unsuspecting users of the npm libraries in TFA — and would like to see whom you view as the cause behind it (i.e., the author) suffer some form of punishment. But that doesn't mean you should support just about any harm done to them by any entity in the world.

GitHub is not a software distribution platform/marketplace. It is not an "App Store". The relationship between one GitHub user and another is not very similar to the relationship between an app store user and publisher.

If you pull someone else's code through GitHub, you're clearly making a copy. From that point on, that copy is your responsibility. That is how the FOSS world has always worked, and so has GitHub's model of public repos.

Now, if you ask me about npm, that is a whole different thing.
